AMENDMENTS TO THE CLAIMS 

Applicant submits below a complete listing of the current claims, including marked-up 
claims with insertions indicated by underlining and deletions indicated by strikeouts and/or 
double bracketing. This listing of claims replaces all prior versions, and listings, of claims in the 
application: 

Listing of the Claims 

1-6. (Canceled) 

7. (Currently Amended) An object model embodied on a computer-readable medium 
for managing a service on a computer, the object model comprising: 

a policy object model for specifying, by a first user, if it has been determined that the first 
user is authorized to perform the specification by comparing a rank of the first user against a 
permitted rank, [[one or more policies]] at least one first policy that the service supports in a 
packet-centric form, and, by a second user, at least one second policy by selecting a security level 
from a plurality of security levels, with each security level from the plurality of security levels 
being previously set for a specified application and a specified user [[said one or more policies 
in a user-centric form and/or an application centric form]]; and 

a policy engine platform for interacting of the [[said]] first user with the at least one first 
policy [[said one or more policies specified in said packet centric form]] and of the [[said]] 
second user with the at least one second policy [[said one or more policies specified in said user 
centric form and/or said application centric form]], and to provide the at least one first policy 
and the at least one second policy [[said one or more policies]] to [[said]] at least one component 
that actually performs the service. 

8. (Previously presented) The object model of claim 7, wherein the policy engine 
platform comprises a rule editor for adding an additional policy by said first user in accordance 
with the policy object model. 
9. (Previously presented) The object model of claim 8, wherein the rule editor is also 
configured by said first user to delete a policy. 

10. (Previously presented) The object model of claim 8, wherein the rule editor is also 
configured by said first user to edit a policy. 

11. (Original) The object model of claim 7, wherein the policy engine platform 
comprises a setting editor configured to automatically generate a policy based upon an 
application and user combination. 

12. (Previously presented) The object model of claim 11, wherein the setting editor 
generates a plurality of policies, and is further configured to permit said second user to select 
from the plurality of policies. 

13. (Previously presented) The object model of claim 12, wherein the setting editor is 
further configured by said second user to permit setting one of the plurality of policies as a 
default policy. 

14. (Currently Amended) The object model of claim 7, wherein the policy engine 
platform comprises a rule explorer for providing a view of the at least one first policy and the at 
least one second policy [[one or more policies]]. 

15. (Currently Amended) The object model of claim 7, wherein the policy object 
model comprises a policyrule object usable to generate a policy, the policyrule object comprising 
a condition property and an action property, wherein [[a]] the policy generated by the policyrule 
object is configured to perform an action specified in the action property responsive to a 
condition specified in the condition property being met. 

16. (Original) The object model of claim 7, wherein the service is a firewall service. 



Application No. 10/740,748 _ 4 _ Docket No.: Ml 103.70168USOO 

After Final Office Action of April 16, 2007 

17. (Currently Amended) The object model of claim 7, wherein the policy engine 
platform is configured to deny providing the at least one first policy and/or the at least one 
second policy [[said one or more policies]] to the at least one component if a requestor is not 
authorized. 

18. (Currently Amended) The object model of claim 17, wherein determining whether 
[[a]] the requestor is authorized comprises comparing a provider rank for the requestor against a 
permitted provider rank, and if the provider rank for the requestor does not meet or exceed the 
permitted provider rank, denying the requestor. 

19. (Currently Amended) A method of managing a service on a computer, the method 
comprising: 

specifying, via a policy object model, by a first user, if it has been determined that the 
first user is authorized to perform the specification by comparing a rank of the first user against a 
permitted rank, [[one or more policies]] at least one first policy that the service supports in a 
packet-centric form, and, by a second user, at least one second policy by selecting a security level 
from a plurality of security levels, with each security level from the plurality of security levels 
being previously set for a specified application and a specified user [[said one or more policies 
in a user centric form and/or an application centric form]]; 

interacting, via a policy engine platform, of the [[said]] first user with the at least one first 
policy [[said one or more policies specified in said packet centric form]], and of the [[said]] 
second user with the at least one second policy [[said one or more policies specified in said user 
centric form and/or said application centric form]]; and 

providing, via the policy engine platform, the at least one first policy and the at least one 
second policy [[said one or more policies]] to at least one component that actually performs the 
service. 



20. (Original) The method of claim 19, further comprising automatically generating a 
policy based upon an application and user combination. 
21. (Currently Amended) The method of claim 20, further comprising [[generates]] 
generating a plurality of policies, and permitting a user to select at least one policy from the 
plurality of policies. 

22. (Previously Presented) The method of claim 21, further comprising setting one of 
the plurality of policies as a default policy. 

23. (Currently Amended) The method of claim 22, further comprising authorizing a 
user prior to allowing the user to select the at least one policy from the plurality of policies 
[[providing said one or more policies]]. 

24. (Currently Amended) An object model embodied on a computer-readable medium 
for managing a firewall service on a computer, the object model comprising a policy object 
model used to specify, by a first user, if it has been determined that the first user is authorized to 
perform the specification by comparing a rank of the first user against a permitted rank, at least 
one first policy [[one or more policies]] that the firewall service supports in a packet-centric form, 
and, by a second user, at least one second policy by selecting a security level from a plurality of 
security levels, with each security level from the plurality of security levels being previously set 
for a specified application and a specified user [[said one or more policies in a user centric form 
and/or an application centric form]], the policy model comprising a policyrule object usable to 
generate a policy, the policyrule object comprising a condition property and an action property, 
wherein [[a]] the policy generated by the policyrule object is configured to perform an action 
specified in the action property responsive to a condition specified in the condition property 
being met. 

25. (Original) The object model of claim 24, further comprising an IPSecRule derived 
from the policyrule object, the IPSecRule being configured to trigger an IPSec callout when an 
IPSec condition is matched, and to indicate configuration parameters for securing traffic related 
to the callout. 
26. (Original) The object model of claim 25, wherein the IPSecRule evaluates a 
standard 5-tuple to determine if a condition has been met. 

27. (Original) The object model of claim 24, further comprising a KeyingModuleRule 
derived from the policyrule object, the KeyingModuleRule being configured to select which key 
negotiation module to use when there is no existing secure channel to a remote peer. 

28. (Original) The object model of claim 27, wherein the KeyingModuleRule 
evaluates a standard 5-tuple to determine if a condition has been met. 

29. (Original) The object model of claim 24, further comprising an IKERule derived 
from the policyrule object and configured to specify the parameters for carrying out the Internet Key 
Exchange key negotiation protocol. 

30. (Original) The object model of claim 29, wherein the IKERule evaluates a local 
address and a remote address to determine if a condition has been met. 

31. (Currently Amended) The object model of claim 29, wherein the IKERule 
comprises an IKEAction action property that defines [[the]] authentication methods for 
performing Internet Key Exchange key negotiation protocol. 
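Illustrative model of the claimed structure, added here as an example and not code from the application or its assignee: a policyrule object with a condition property and an action property (claims 15 and 24), IPSecRule and KeyingModuleRule subclasses that evaluate a standard 5-tuple (claims 25 to 28), an IKERule that matches local and remote addresses and carries an IKEAction listing authentication methods (claims 29 to 31), and a policy engine that gates rule editing and policy delivery on comparing a rank against a permitted rank (claims 7, 17 and 18) while letting a second user pick a previously set security level for an application and user (claim 12). Every class name, field name, wildcard convention, rank value and sample address below is an assumption chosen for the demonstration.

```python
"""Illustrative policy object model (added example; assumed names, not the
application's own code). PolicyRule = condition property + action property;
IPSecRule/KeyingModuleRule match a 5-tuple, IKERule matches local/remote
addresses; PolicyEngine gates rule editing and policy delivery on rank."""
from dataclasses import dataclass, field
from typing import Any, Dict, List, Optional, Tuple

FiveTuple = Tuple[str, str, int, str, int]  # (proto, src_ip, src_port, dst_ip, dst_port)
ANY = "*"  # assumed wildcard marker in a condition pattern


@dataclass
class PolicyRule:
    """Base policyrule object: condition property plus action property."""
    name: str
    condition: Dict[str, Any]  # field -> required value, or ANY
    action: Dict[str, Any]

    def matches(self, facts: Dict[str, Any]) -> bool:
        return all(v == ANY or facts.get(k) == v for k, v in self.condition.items())

    def apply(self, facts: Dict[str, Any]) -> Optional[Dict[str, Any]]:
        """Return a copy of the action when the condition is met, else None."""
        return dict(self.action) if self.matches(facts) else None


class IPSecRule(PolicyRule):
    """5-tuple match triggers an IPSec callout carrying traffic-securing parameters."""
    def __init__(self, name: str, pattern: Dict[str, Any], params: Dict[str, Any]):
        super().__init__(name, pattern, {"callout": "ipsec", "params": params})


class KeyingModuleRule(PolicyRule):
    """5-tuple match selects the key negotiation module when no secure channel exists."""
    def __init__(self, name: str, pattern: Dict[str, Any], module: str):
        super().__init__(name, pattern, {"keying_module": module})


class IKERule(PolicyRule):
    """Local/remote address match; the IKEAction lists the authentication methods."""
    def __init__(self, name: str, local: str, remote: str, auth_methods: List[str]):
        super().__init__(name, {"local": local, "remote": remote},
                         {"ike_action": {"auth_methods": list(auth_methods)}})


class NotAuthorized(Exception):
    pass


def packet_facts(pkt: FiveTuple) -> Dict[str, Any]:
    """Expose the 5-tuple as matchable fields; for an outbound packet the local
    address is the source and the remote address the destination (assumption)."""
    proto, sip, sport, dip, dport = pkt
    return {"proto": proto, "src_ip": sip, "src_port": sport, "dst_ip": dip,
            "dst_port": dport, "local": sip, "remote": dip}


@dataclass
class PolicyEngine:
    """Packet-centric rules from the first user, level-selected policy from the
    second user; both reach the enforcing component only for a sufficient rank."""
    permitted_rank: int
    rules: List[PolicyRule] = field(default_factory=list)
    levels: Dict[Tuple[str, str], Dict[str, Dict[str, Any]]] = field(default_factory=dict)
    selected: Dict[Tuple[str, str], Dict[str, Any]] = field(default_factory=dict)

    def add_rule(self, editor_rank: int, rule: PolicyRule) -> None:
        if editor_rank < self.permitted_rank:  # the rule editor is rank-gated
            raise NotAuthorized(f"rank {editor_rank} below permitted rank {self.permitted_rank}")
        self.rules.append(rule)

    def select_level(self, app: str, user: str, level: str) -> Dict[str, Any]:
        """Second user picks one of the levels previously set for (app, user)."""
        policy = self.levels[(app, user)][level]  # KeyError if the level was never set
        self.selected[(app, user)] = policy
        return policy

    def provide(self, requestor_rank: int) -> Dict[str, Any]:
        """Deliver policies to the enforcing component, or deny the requestor."""
        if requestor_rank < self.permitted_rank:
            raise NotAuthorized("requestor rank below permitted provider rank")
        return {"rules": list(self.rules), "selected": dict(self.selected)}

    def evaluate_packet(self, pkt: FiveTuple) -> List[Dict[str, Any]]:
        """Actions of every rule whose condition the packet satisfies, in rule order."""
        facts = packet_facts(pkt)
        return [a for r in self.rules if (a := r.apply(facts)) is not None]


def demo() -> Dict[str, Any]:
    """Constructed scenario: a rank-3 admin authors rules, a rank-1 user is refused,
    alice picks the 'high' level, and a packet to the database host is evaluated."""
    eng = PolicyEngine(permitted_rank=2)
    eng.levels[("browser", "alice")] = {"low": {"outbound": "allow"},
                                        "high": {"outbound": "ipsec_required"}}
    eng.add_rule(3, IPSecRule("esp-to-db", {"proto": "tcp", "dst_ip": "10.0.0.5", "dst_port": 5432},
                              {"mode": "transport", "cipher": "aes-gcm-128"}))
    eng.add_rule(3, KeyingModuleRule("ikev2-for-db", {"dst_ip": "10.0.0.5"}, "ikev2"))
    eng.add_rule(3, IKERule("ike-db", "10.0.0.7", "10.0.0.5", ["certificate"]))
    try:
        eng.add_rule(1, PolicyRule("rogue", {}, {"drop": True}))  # empty condition matches all
        rogue_added = True
    except NotAuthorized:
        rogue_added = False
    try:
        eng.provide(1)
        low_rank_served = True
    except NotAuthorized:
        low_rank_served = False
    return {"rogue_added": rogue_added, "low_rank_served": low_rank_served,
            "selected": eng.select_level("browser", "alice", "high"),
            "actions": eng.evaluate_packet(("tcp", "10.0.0.7", 51000, "10.0.0.5", 5432)),
            "provided_rules": len(eng.provide(3)["rules"])}
```

The rank comparison is deliberately applied at two points, when a policy is specified and again when it is handed to the enforcing component, because the claims make the two checks independent; an engine that only checked at edit time would still serve stored policies to an unauthorized requestor.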
